Technical Aspects of Cyber Kill Chain

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 536))

Abstract

Recent trends in targeted cyber-attacks have increased research interest in the field of cyber security. Such attacks have massive disruptive effects on organizations, enterprises and governments. The cyber kill chain is a model for describing cyber-attacks so that incident response and analysis capabilities can be developed. In simple terms, the cyber kill chain is an attack chain: the path an intruder takes, over time, to penetrate information systems and execute an attack on the target. This paper broadly categorizes the methodologies, techniques and tools involved in cyber-attacks. It intends to help a cyber security researcher understand the options available to an attacker at every stage of a cyber-attack.



Author information

Corresponding author: Tarun Yadav.


Copyright information

© 2015 Springer International Publishing Switzerland

Cite this paper

Yadav, T., Rao, A.M. (2015). Technical Aspects of Cyber Kill Chain. In: Abawajy, J., Mukherjea, S., Thampi, S., Ruiz-Martínez, A. (eds) Security in Computing and Communications. SSCC 2015. Communications in Computer and Information Science, vol 536. Springer, Cham. https://doi.org/10.1007/978-3-319-22915-7_40

  • DOI: https://doi.org/10.1007/978-3-319-22915-7_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22914-0

  • Online ISBN: 978-3-319-22915-7
